CoCalc -- TwoHash.java

GitHub Repository: PojavLauncherTeam/mobile
Path: blob/master/test/jdk/sun/security/pkcs/pkcs7/TwoHash.java
⁴¹¹⁵³ views
1
/*
2
 * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 8255494
27
 * @summary Make sure the signature algorithm to verify a PKCS7 block is
28
 *      DIGwithENC instead of HASHwithENC.
29
 * @modules java.base/sun.security.pkcs
30
 *          java.base/sun.security.tools.keytool
31
 *          java.base/sun.security.x509
32
 */
33

34
import sun.security.pkcs.PKCS7;
35
import sun.security.tools.keytool.CertAndKeyGen;
36
import sun.security.x509.X500Name;
37

38
import java.nio.charset.StandardCharsets;
39
import java.security.cert.X509Certificate;
40

41
public class TwoHash {
42
    public static void main(String[] args) throws Exception {
43

44
        byte[] content = "Hello You fool I love you".getBytes();
45

46
        CertAndKeyGen cak = new CertAndKeyGen("EC", "SHA512withECDSA");
47
        cak.generate("secp256r1");
48
        byte[] signature = PKCS7.generateNewSignedData(
49
                "SHA256withECDSA",
50
                null,
51
                cak.getPrivateKey(),
52
                new X509Certificate[] {cak.getSelfCertificate(new X500Name("CN=Me"), 1000)},
53
                content,
54
                false,
55
                true, // direct sign, so that RFC 6211 check is not possible
56
                null);
57

58
        // The original signature should verify.
59
        if (new PKCS7(signature).verify(content) == null) {
60
            throw new RuntimeException("Should be verified");
61
        }
62

63
        // Modify the SHA256withECDSA signature algorithm (OID encoded as
64
        // "06 08 2A 86 48 CE 3D 04 03 02") to SHA384withECDSA (OID encoded as
65
        // "06 08 2A 86 48 CE 3D 04 03 03"). ISO_8859_1 charset is chosen
66
        // because it's a strictly one byte per char encoding.
67
        String s = new String(signature, StandardCharsets.ISO_8859_1);
68
        String s1 = s.replace(
69
                "\u0006\u0008\u002A\u0086\u0048\u00CE\u003D\u0004\u0003\u0002",
70
                "\u0006\u0008\u002A\u0086\u0048\u00CE\u003D\u0004\u0003\u0003");
71
        byte[] modified = s1.getBytes(StandardCharsets.ISO_8859_1);
72

73
        // The modified signature should still verify because the HASH
74
        // part of signature algorithm is ignored.
75
        if (new PKCS7(modified).verify(content) == null) {
76
            throw new RuntimeException("Should be verified");
77
        }
78
    }
79
}
80

81
Product

Resources

Company
